CVE-2023-31936

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jul 28, 2023

Updated: Dec 20, 2023

CWE ID 89

Summary

CVE-2023-31936 is a newly discovered sql injection vulnerability in the Rail Pass Management System v.1.0. Attackers can exploit this weakness by manipulating the viewid parameter in the view-pass-detail.php file. This vulnerability enables remote code execution, posing a significant risk to the targeted system. Successful exploitation could result in unauthorized access to sensitive data or even system takeover. Users are strongly urged to apply the available patch as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sJWpNW
https://www.cve.org/CVERecord?id=CVE-2023-31936
https://nvd.nist.gov/vuln/detail/CVE-2023-31936

Back to Vulnerability Database

CVE-2023-31936

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations